none
Renew an expired certificate with Enterprise CA

    Question

  • Hi

    We are trying to renew some expired certificates (expired in november 2011), the CA is configured with Windows 2008 R2 DC. While trying to renew the expired certificates we are getting alerts saying "The certificate Authority denied teh request. A required certificate is not within it's validity period when verifying against currect system clock ....". So do we have to create any policy with CA to renew older expired certificates?

    Regards


    LMS

    Saturday, September 29, 2012 7:13 AM

Answers

All replies

  • Hello,

    You cannot renew a certificate once it has expired. In this case only new full certificate request should be performed.

    Renew an Existing Certificate Wizard Page

    Important:

    You cannot renew a certificate that has already expired. If you try to renew a certificate that has expired, the certification authority (CA) will reject the request, and you will see an error message similar to "Error Verifying Request Signature or Signing Certificate. A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file." This message will also be displayed in the Failed Requests node of the issuing CA. If your certificate has already expired, you must request a new certificate instead of renewing the existing certificate.

    Regards

    Saturday, September 29, 2012 7:42 AM
  • It is not possible to renew an expired certificate. You will have to issue a new certificate.
    Reference:http://technet.microsoft.com/en-us/library/dd378790(WS.10).aspx

    For details about Certificates,the Security forum is the better place: http://social.technet.microsoft.com/Forums/en/winserversecurity/threads


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, September 29, 2012 7:52 AM
  • Hi,

     

    I would like to confirm what is the current situation? If there is anything that I can do for you, please do not hesitate to let me know, and I will be happy to help.

    Regards,

    Arthur Li

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Arthur Li

    TechNet Community Support

    Wednesday, October 3, 2012 3:14 AM
    Moderator
  • This error message also appears when you try to renew certificates from a subordinary CA that has its own certificates expired (the error message is not better than that). For that you simply renew the certs on the subca as per article https://technet.microsoft.com/en-us/library/cc962077.aspx
    Wednesday, November 16, 2016 2:10 PM
  • Hi! I created a new certificate, and set up the NPS with the new certificate but I get the error "A required certificate is not validity period when verifying against the current system clock or the timestamp in the signed file."

    any idea?

    Thursday, March 2, 2017 6:15 PM
  • Felix,

    What are you doing exactly before you get this error message?

    Monday, November 6, 2017 5:38 PM